Catherine M. Anderson and Gabrielle A. Bernstein of Foley Hoag LLP write: On April 10, 2013, the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) jointly adopted identity theft red flags rules (the Rules) and corresponding guidelines requiring certain SEC and CFTC-regulated entities to implement identity theft prevention programs. The Rules…
Category: Breach Laws
Australian government brings on mandatory data breach notification
Josh Taylor reports: After close to five years of work, the Australian government will introduce mandatory data breach notification legislation into parliament, but the laws would be unlikely to take effect until sometime next year if they make it through parliament before the September 14 federal election. Read more on ZDNet.
Distress must be directly linked to data breach for consumers to claim compensation, rules Court of Appeal
From Out-Law.com: In a recently published judgment, the Court said that the Data Protection Act (DPA) does not oblige businesses to pay individuals compensation for distress that causes damage where the distress caused is not attributable to a breach of the Act. Under section 13 of the DPA a person is generally entitled to compensation…
California Senate passes amendment to breach law to incorporate access to online accounts
California continues to lead the way in protecting consumers whose data have been breached. By a vote of 37-0-1 last week, the Senate passed S.B. 46, a bill introduced by Senator Ellen Corbett. The bill amends existing law to expand required notification to situations involving access to an online account. The law would still incorporate…
New guidance on data breaches in Belgium
I’ve been looking for an English language report on the new breach guidelines in Belgium and finally found one. Cédrine Morlière and Ludo Deklerck of Bird & Bird write: When the data breach results in a “public incident” (when a data breach results in a public leakage of private data), according to the guidance, the…
Pennsylvania on data breach – shoot first, ask questions later
Blaine Kimrey of Lathrop & Gage LLP has a commentary on a breach notification law that passed the PA Senate. As noted previously on this blog, the bill extends existing data breach notification responsibilities to state agencies, but also requires notification of those affected within seven days. Kimrey writes: After a series of embarrassing governmental…